Security Vulnerabilities
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-12-09
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-09
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-12-09
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-12-09
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-09
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-09
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-09
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests
CVSS Score
7.2
EPSS Score
0.0
Published
2025-12-09
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-12-09
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-09